Main menu

Search
Login
Signup
Links
<< Previous thread | Next thread >>   
Virus in winPenPack 3.4?

Go to page       >>  
Author Post
Danix
Sat 31 May 2008 - 12:26

online

Registered Member #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956

-----------------------------------------------
Vedi anche la News del 25.08.2008
-----------------------------------------------

In seguito ad alcune segnalazioni riguardanti la presenza di virus nei winPenPack, informiamo che il problema non deriva dalla presenza di malware nelle collezioni, ma dal fatto che alcuni programmi, per loro natura o perchè compressi con UPX (un particolare programma che permette di ridurne le dimensioni), possono esser rilevati erroneamente come infetti da alcuni antivirus. Si tratta quindi di "falsi positivi".

Comunque, come ulteriore conferma, vi consigliamo una scansione del file sospetto su Virus Total. In questo caso sarebbe utile individuare il file "incriminato" e postare i dettagli nel forum insieme a uno screenshot dell'analisi effettuata.

Vi preghiamo inoltre di segnalarci la presenza di eventuali altri falsi positivi in questa sezione del forum (Help - winPenPack).

Nella versione 3.4 di winPenPack sono stati segnalati i seguenti falsi positivi:

ipscan221.exe -Link- -Link-
jkdefragTWGUI.exe -Link- -Link-
libthinice.dll -Link-
REGCLEAR.exe -Link- -Link-
cp950.so -Link- (new!)

Info dagli autori:

ipscan221.exe -Link-
jkdefragTWGUI.exe -Link-

\XDrive\X-File(s).exe:

Clamwin riporta erroneamente come contentente virus Trojan ogni X-File.exe, incluso nella cartella \XDrive, distribuito con le versioni portabili; effettuando controlli approfonditi su VirusTotal, gli altri antivirus non riportano presenza di virus. Questa segnalazione è dovuta alla compressione UPX automatica applicata da AutoIt3 nella compilazione del launcher.


[ Edited Tue 09 Sep 2008 - 16:11 ]
Back to top
Website
Danix
Sat 31 May 2008 - 12:42

online

Registered Member #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
---------------------------------------------------------
See also the News published on 25.08.2008
---------------------------------------------------------

Due to some reports concerning the presence of viruses in winPenPack, we want to inform you that the problem does not depend from the real presence of malware in the collections, but from the fact that some programs, by their nature or because compressed with UPX (a particular program that allows you to reduce size) may be incorrectly reported as infected by some antivirus programs. Therefore they are "false positives".

However, as a further confirmation, we recommend a scan of suspected files on Virus Total service. In this case it would be useful to locate the "suspect" file and post the details in the forum along with a screenshot of the analysis. Please also signal the presence of any other false positives in this section of the forum (Help - winPenPack).

In winPenPack 3.4 have been reported the following false positives:

ipscan221.exe -Link- -Link-
jkdefragTWGUI.exe -Link- -Link-
libthinice.dll -Link-
REGCLEAR.exe -Link- -Link-
cp950.so -Link- (new!)

Author's info:

ipscan221.exe -Link-
jkdefragTWGUI.exe -Link-

\XDrive\X-File(s).exe:

Clamwin wrongly reports as infected by Trojan virus every X-File.exe, included in \XDrive folder, distributed with the portable versions; doing more analysis on VirusTotal, the other antivirus does not report anything souspicious. This is due to the automatic UPX compression applied by AutoIt3 on the script compilation.


[ Edited Tue 09 Sep 2008 - 16:13 ]
Back to top
Website
raffalias
Mon 09 Jun 2008 - 23:47
online
Registered Member #11682
Joined: Sat 07 Jun 2008 - 01:38
Posts: 1
A me Avast ha segnalato che il programma "Advanced Process Manipulation", presente nella sezione "Portable Software" -> "Sistema" -> "Processi/Startup" è infettato da un virus. In realtà insieme al programma viene fornita in una sottocartella una DLL di esempio, con il codice sorgente, che si può eliminare
Back to top
Danix
Mon 09 Jun 2008 - 23:53

online

Registered Member #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
Grazie della segnalazione, raffalias (e benvenuto su winPenPack).
Ma ti riferisci a un programma scaricato dalla sezione download e non a uno incluso in winPenPack v3.4, o sbaglio?
Back to top
Website
dayn2489
Sun 06 Jul 2008 - 20:28
online
Registered Member #12202
Joined: Sun 06 Jul 2008 - 20:05
Posts: 1
False alarm or not. 2 different Virus programs on 2 different computers, would not allow me to install Winpenpack 1gb on either computer.
My desktop with Trend Micro, and my laptop with ZoneAlarm, both stopped installation when MHTUPU.WEX tried to install.
Too bad, I was looking forward to using your package, but will have to move on. Take a look at PCWorld.com on how your software is rated.
Back to top
Danix
Sun 06 Jul 2008 - 21:57

online

Registered Member #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
dayn2489 wrote ...

both stopped installation when MHTUPU.WEX tried to install.
Too bad, I was looking forward to using your package, but will have to move on. Take a look at PCWorld.com on how your software is rated.

There is no file with that name in winPenPack collections, neither on google -Link-



[ Edited Sun 06 Jul 2008 - 22:00 ]
Back to top
Website
Luke_1958
Mon 11 Aug 2008 - 10:29

online
Registered Member #12836
Joined: Mon 11 Aug 2008 - 10:17
Posts: 3
ClamWin rileva come infetti da un troiano tutti gli eseguibili contenuti nella cartella XDrive (http://www.virustotal.com/it/analisis/a790f1a8d2c8e6ed158018d5767e3e1c) e durante la scansione il modulo Avira rileva la comparsa di un altro troiano nella cartella impostazioni locali\temp.
Presumo sia un errore dovuto alle routine di compressione ma ho voluto segnalarvelo.
Saluti Luca
Back to top
zandet2
Tue 12 Aug 2008 - 19:11

online

Registered Member #3184
Joined: Tue 06 Mar 2007 - 11:52
Location: Busto Arsizio
Posts: 3301
Aggiornato topic per segnalazione Trojan in X-Launcher da parte di ClamWin.
Back to top
Danix
Wed 03 Sep 2008 - 21:44

online

Registered Member #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
Aggiunta news in home page.
Back to top
Website
Danix
Mon 08 Sep 2008 - 21:48

online

Registered Member #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
------------------------------------
X-ClamWin fixed!

-------------------------------------


\XDrive\X-File(s).exe:

Clamwin riporta erroneamente come contentente virus Trojan ogni X-File.exe, incluso nella cartella \XDrive, distribuito con le versioni portabili; effettuando controlli approfonditi su VirusTotal, gli altri antivirus non riportano presenza di virus. Questa segnalazione è dovuta alla compressione UPX automatica applicata da AutoIt3 nella compilazione del launcher.


Abbiamo segnalato il problema a Luca Gibelli del ClamAV Team che ha provveduto prontamente a risolvere la situazione.
Ora X-ClamWin, una volta aggiornato alle ultime definizioni, non segnala più i launchers come infetti da Trojan.Qhost-166.


\XDrive\X-File(s).exe:

Clamwin wrongly reports as infected by Trojan virus every X-File.exe, included in \XDrive folder, distributed with the portable versions; doing more analysis on VirusTotal, the other antivirus does not report anything souspicious. This is due to the automatic UPX compression applied by AutoIt3 on the script compilation.


The ClamAV Team has fixed the problem. If you update your X-ClamWin antivirus, X-File(s).exe are not more marked as infects from Trojan.Qhost-166.






[ Edited Tue 09 Sep 2008 - 13:45 ]
Back to top
Website

Go to page       >>  
Moderators: Danix, Taf, Rcs, Energy, zandet2, ZioZione, Admin, LordJim60

Jump:     Back to top

Syndicate this thread: rss 0.92 Syndicate this thread: rss 2.0 Syndicate this thread: RDF
Powered by e107 Forum System